change in routing group

(1) We have an Exchange server handling mailboxes and POP3, and the SMTP is
routed through ADC.
(2) In ADC we have defined a smart host to DC (which means from ADC the queue
will go to DC for scanning of mails, and we have a separate software to scan
mails).
(3) From ADC it will go to the Exchange mailbox.

The problem is we are upgrading our anti-spam software and we have a
separate box for that (Symantec). The requirement is that instead of routing
to DC it has to be routed to the box.

The installation engineer was asking us for two requirements: one to
change the routing group to route the mails to the box, and then a public IP
and a DNS entry for that IP.

Please help me out in this issue, as I'm not sure what he meant by
changing the routing group. Does he mean just change the smart host in
ADC (through IIS), or does he mean changing the routing group itself? I'm not
that familiar with routing groups in Exchange, so can anyone help me out in
this issue?

You should clarify with him exactly what he's recommending.
Personally, I like scanning boxes in the DMZ or at the network edge -
preferring to keep those nasties from ever entering the internal network
when possible. So for example, your public DNS MX record could point to your
scan box in the DMZ which then forwards on to your internal network. The
configuration of the DMZ can vary but the idea is to scan all your smtp
traffic PRIOR to it ever entering your internal network and hitting your
Exchange server. You could use the smart host feature to route outbound to
your scan box if you want to scan outgoing.

I'm not really sure either. Could be Prakash is confusing the setup of a
smart host using the Advanced Delivery (AD?) tab of the SMTP virtual server
with AD connector terminology? Sounds like they're currently relaying email
to a smart host (somewhere, internally or externally?) for scanning and then
back to Exchange. If that's the case then the engineer is just saying route
all incoming smtp to the scanner first then to Exchange (like the scenario I
described) - which makes way more sense. Since the engineer is advocating a
public ip and DNS (MX) pointing to that ip I suspect that's the case -
putting the scanner outside the internal network - possibly in a DMZ - and
then routing to the internal network. But then I could be confused too.....?

For the purposes of this tip, I will assume that your Exchange
Server deployment is running in mixed mode, and that you will
need to create an SMTP connector. If you already have an SMTP
connector in place, you can modify your existing connector
rather than creating a new one.

3. Right click on the Connectors container and select New ->
SMTP Connectors to view the new connector's properties sheet.

4. Go to the General tab and enter a descriptive name for the
connector into the space provided.

5. Just below the Name field, you are given the choice of
using DNS to route messages to each address space on the
connector, or to forward mail through a smart host. Choose the
smart host option and then enter the IP address of your Symantec
box SMTP server into the space provided.

6. At this point, you must designate an SMTP virtual server to
act as a local bridgehead server. To do so, click the Add button
and then select the server that you want to designate as the
local bridgehead.

7. To define an SMTP address space, select the Address tab and
then either the Entire Organization or the Routing Group option
to set the scope of the address space that you are about to
define.

8. Click the Add button, select the SMTP option, and click
OK.

9. You will now see a dialog box asking for an email domain
and a cost. Go with the defaults and click OK to be taken back
to the Address Space tab.

10. Verify that the "Allow Messages to be Relayed to these
Domains" checkbox is not selected -- otherwise, the entire world
may be able to relay mail through your Exchange Server.

11. Go back to the Advanced tab and click the Outbound Security
button to view the Outbound Security dialog box.

12. Click OK repeatedly until all of the open dialog boxes are
closed.

13. Now verify that the SMTP virtual server you designated to
act as a local bridgehead is configured to listen on TCP port 25
by navigating to Administrative Groups -> your administrative
group -> Servers -> the server that's hosting the designated
SMTP virtual server -> Protocols -> SMTP -> the designated SMTP
virtual server.

14. Right click on the designated SMTP virtual server and
select Properties.

15. Go to the General tab and click on the Advanced button.

16. Verify that the SMTP virtual server is configured to listen
on TCP port 25. If the designated port is something other than
25, you can use the Add button to add port 25 to the list of
ports.

18. Your Exchange Server should now be configured to route
outbound SMTP email through Symantec. To complete the process,
simply restart the Microsoft Exchange Routing Engine service and
the server's SMTP service.
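Added example, not part of the original post: a relay check for the setup in the steps above, covering both the smart host hop and the relay warning in step 10. It runs the SMTP dialogue up to RCPT TO and stops before DATA, so no message is sent; `probe_relay`, `classify`, the `FakeSMTP` stand-in and all `.example` host names are assumptions made for illustration.

```python
import smtplib

def classify(code):
    """Map the reply code of MAIL FROM / RCPT TO to a relay verdict."""
    if 200 <= code < 300:
        return "accepted"
    if 400 <= code < 500:
        return "deferred"
    return "refused" if 500 <= code < 600 else "other"

def probe_relay(host, mail_from, rcpt_to, port=25, helo="probe.example.test",
                smtp_factory=smtplib.SMTP):
    """EHLO / MAIL FROM / RCPT TO, then RSET and QUIT: no DATA, so nothing is sent."""
    conn = smtp_factory(host, port, timeout=10)
    try:
        conn.ehlo(helo)
        code, _ = conn.mail(mail_from)
        if 200 <= code < 300:          # only ask about the recipient if the sender was taken
            code, _ = conn.rcpt(rcpt_to)
            conn.rset()
        return classify(code), code
    finally:
        try:
            conn.quit()
        except smtplib.SMTPException:
            pass

class FakeSMTP:
    """Constructed stand-in: a server that accepts mail only for its own domain."""
    local_domains = {"corp.example"}
    def __init__(self, host, port, timeout=None):
        pass
    def ehlo(self, name=""):
        return 250, b"ok"
    def mail(self, sender):
        return 250, b"2.1.0 Sender OK"
    def rcpt(self, recipient):
        domain = recipient.rsplit("@", 1)[-1].lower()
        if domain in self.local_domains:
            return 250, b"2.1.5 Recipient OK"
        return 550, b"5.7.1 Unable to relay"
    def rset(self):
        return 250, b"ok"
    def quit(self):
        return 221, b"bye"

if __name__ == "__main__":
    # Offline demo against the constructed server; drop smtp_factory for a real host.
    for rcpt in ("user@corp.example", "user@elsewhere.example"):
        print(rcpt, probe_relay("mail.corp.example", "probe@outside.example",
                                rcpt, smtp_factory=FakeSMTP))
```

Run from the bridgehead against the smart host, an external recipient should come back "accepted"; run from a machine outside your network against the Exchange SMTP virtual server, the same recipient should come back "refused".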

Thanks for such a great response, I will still get more details about the
setup.

We already have an SMTP connector with the "Use DNS to route address space"
check box checked....

A separate server, which is the ADC, is acting as SMTP and also as mail
relay (we have an MX record for this server's IP). I don't know how this has
been done, maybe through IIS (SMTP of ADC), I'm not sure. From this we have
forwarded all the mails to a smart host IP, which is the DC
server (separate). POP3 is handled by our Exchange server itself.

The smart host IP is the server where Symantec SMTP is configured, which is
also the DC and acting as LDAP; there is an MX record for this server also.
I'm not sure how to find out whether this particular server is also acting as
SMTP gateway. What I have understood is, after the mails are scanned, it is
going out via the SMTP gateway (i.e. the ADC server). I don't know if I have
understood wrong.

Or maybe there are multiple SMTP connectors. As I'm new to this setup, I'm
finding it hard to understand.

Now there is a separate box that has come and we have to route all the mails
to this box. First what I thought was that by just changing the smart host IP
in the ADC server (which is also the SMTP and mail relay), the mails would be
pointed to the new box, scanned, and sent to the internet through the ADC
server, which is acting as SMTP.

But when I changed the smart host IP to the box, it was not working; it was
giving me an undeliverable message saying unable to relay.

I know it is confusing, it is for me also, and also sorry for putting forth
such a huge problem in front of you all. Since I'm new to this setup, I'm not
sure whether this can be possible with the existing SMTP or whether I have to
change the whole Exchange setup for this Symantec box.